Ethical Hacking and Network Defense Chpt 1-3
A written contract isn't necessary when a friend recommends a client. True or False?
False
Antivirus software should be updated annually. True or False?
False
The Ping of Death is an exploit that sends multiple ICMP packets to a host faster than the host can handle. True or False?
False
List the six flags of a TCP packet.
SYN, ACK, PSH, URG, RST, FIN
List the three components of the TCP/IP three-way handshake.
SYN, SYN-ACK, and ACK
A UDP packet is usually smaller than a TCP packet. True or False?
True
An exploit discovered for one OS might also be effective on another OS. True or False?
True
FTP offers more security than TFTP. True or False?
True
One purpose of adware is to determine users' purchasing habits. True or False?
True
List three worms or viruses that use e-mail as a form of attack.
Waledec, Nimda, Melissa, and W32/Sobig.F
A security tester should possess which of the following attributes? (Choose all that apply.) a. Good listening skills b. Knowledge of networking and computer technology c. Good verbal and written communication skills d. An interest in securing networks and computer systems
a. Good listening skills b. Knowledge of networking and computer technology c. Good verbal and written communication skills d. An interest in securing networks and computer systems
What organization designates a person as a CISSP? a. International Information Systems Security Certification Consortium (ISC2) b. EC-Council c. SANS Institute d. GIAC
a. International Information Systems Security Certification Consortium (ISC2)
On a Windows computer, what command can you enter to show all open ports being used? a. Netstat b. Ipconfig c. Ifconfig d. Nbtstat
a. Netstat
Which command verifies the existence of a node on a network? a. Ping b. Ipconfig c. Netstat d. Nbtstat
a. Ping
An exploit that leaves an attacker with another way to compromise a network later is called which of the following? (Choose all that apply.) a. Rootkit b. Worm c. Backroot d. Backdoor
a. Rootkit d. Backdoor
Which organization issues the Top 20 list of current network vulnerabilities? a. SANS Institute b. ISECOM c. EC-Council d. OPST
a. SANS Institute
Which of the following exploits might hide its destructive payload in a legitimate application or game? a. Trojan program b. Macro virus c. Worm d. Buffer overflow
a. Trojan program
Which of the following protocols is connectionless? (Choose all that apply.) a. UDP b. IP c. TCP d. SPX
a. UDP b. IP
Which of the following doesn't attach itself to a host but can replicate itself? a. Worm b. Virus c. Trojan program d. Buffer overflow
a. Worm
Before using hacking software over the Internet, you should contact which of the following? (Choose all that apply.) a. Your ISP b. Your vendor c. Local law enforcement authorities to check for compliance d. The FBI
a. Your ISP c. Local law enforcement authorities to check for compliance
The base-64 numbering system uses bits to represent a character. a. 4 b. 6 c. 7 d. 8
b. 6
What exploit is used to elevate an attacker's permissions by inserting executable code in the computer's memory? a. Trojan program b. Buffer overflow c. Ping of Death d. Buffer variance
b. Buffer overflow
What organization offers the Certified Ethical Hacker (CEH) certification exam? a. International Information Systems Security Certification Consortium (ISC2) b. EC-Council c. SANS Institute d. GIAC
b. EC-Council
Which federal law prohibits intercepting any communication, regardless of how it was transmitted? a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication Privacy Act c. Stored Wire and Electronic Communications and Transactional Records Act d. Fourth Amendment
b. Electronic Communication Privacy Act
A software or hardware component that records each keystroke a user enters is called which of the following? a. Sniffer b. Keylogger c. Trojan program d. Buffer overflow
b. Keylogger
Which of the following is a good place to begin your search for vulnerabilities in Microsoft products? a. Hacking Web sites b. Microsoft Security Bulletins c. Newsgroup references to vulnerabilities d. User manuals
b. Microsoft Security Bulletins
The Netstat command indicates that POP3 is in use on a remote server. Which port is the remote server most likely using? a. Port 25 b. Port 110 c. Port 143 d. Port 80
b. Port 110
What port, other than port 110, is used to retrieve e-mail? a. Port 25 b. Port 143 c. Port 80 d. Port 135
b. Port 143
A Ping command initially uses which ICMP type code? a. Type 0 b. Type 8 c. Type 14 d. Type 13
b. Type 8
A computer relies on a host to propagate throughout a network. a. Worm b. Virus c. Program d. Sniffer
b. Virus
Which of the following is not a valid octal number? a. 5555 b. 4567 c. 3482 d. 7770
c. 3482
A penetration tester is which of the following? a. A person who accesses a computer or network without permission from the owner b. A person who uses telephone services without payment c. A security professional who's hired to hack into a network to discover vulnerabilities d. A hacker who accesses a system without permission but does not delete or destroy files
c. A security professional who's hired to hack into a network to discover vulnerabilities
What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet? a. Scanning policy b. Port access policy c. Acceptable use policy d. Warranty policy
c. Acceptable use policy
What protocol is used for reporting or informational purposes? a. IGMP b. TCP c. ICMP d. IP
c. ICMP
Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following? (Choose all that apply.) a. Script monkeys b. Packet kiddies c. Packet monkeys d. Script kiddies
c. Packet monkeys d. Script kiddies
To determine whether scanning is illegal in your area, you should do which of the following? a. Refer to U.S. code. b. Refer to the U.S. Patriot Act. c. Refer to state laws. d. Contact your ISP.
c. Refer to state laws.
Which protocol offers guaranteed delivery and is connection oriented? a. UDP b. IP c. TCP d. TFTP
c. TCP
What command is used to log on to a remote server, computer, or router? a. Ping b. Traceroute c. Telnet d. Netstat
c. Telnet
"Destination Unreachable" is designated by which ICMP type code? a. Type 0 b. Type 14 c. Type 3 d. Type 8
c. Type 3
The initial sequence number (ISN) is set at which step of the TCP three-way handshake? a. 1, 2, 3 b. 1, 3 c. 1 d. 1 and 2
d. 1 and 2
To reduce the risk of a virus attack on a network, you should do which of the following? a. Use antivirus software. b. Educate users about opening attachments from suspicious e-mail. c. Keep virus signature files current. d. All of the above
d. All of the above
What type of network attack relies on multiple servers participating in an attack on one host system? a. Trojan attack b. Buffer overflow c. Denial-of-service attack d. Distributed denial-of-service attack
d. Distributed denial-of-service attack
If you run a program in New York City that uses network resources to the extent that a user is denied access to them, what type of law have you violated? a. City b. State c. Local d. Federal
d. Federal
What component can be used to reduce the risk of a Trojan program or rootkit sending information from an attacked computer to a remote host? a. Base-64 decoder b. Keylogger c. Telnet d. Firewall
d. Firewall
What organization designates a person as an OPST? a. International Information Systems Security Certification Consortium (ISC2) b. EC-Council c. SANS Institute d. ISECOM
d. ISECOM
TCP communication could be likened to which of the following? a. Announcement over a loudspeaker b. Bullhorn at a sporting event c. Internet traffic d. Phone conversation
d. Phone conversation
What port does DNS use? a. Port 80 b. Port 69 c. Port 25 d. Port 53
d. Port 53
A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following? a. Green team b. Blue team c. Black team d. Red team
d. Red team
Which protocol uses UDP? a. FTP b. Netstat c. Telnet d. TFTP
d. TFTP
Which federal law amended Chapter 119 of Title 18, U.S. Code? a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication Privacy Act c. Stored Wire and Electronic Communications and Transactional Records Act d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications
d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications
Which of the following is an example of a macro programming language? a. Cþþ b. Windows XP c. Visual Basic d. Visual Basic for Applications
d. Visual Basic for Applications
List three types of malware
viruses, worms, Trojan programs, adware, and spyware
What three models do penetration or security testers use to conduct tests?
white box, black box, gray box
The U.S. Department of Justice defines a hacker as which of the following? a. A person who accesses a computer or network without the owner's permission b. A penetration tester c. A person who uses telephone services without payment d. A person who accesses a computer or network system with the owner's permission
a. A person who accesses a computer or network without the owner's permission
An exploit that attacks computer systems by inserting executable code in areas of memory not protected because of poorly written code is called which of the following? a. Buffer overflow b. Trojan program c. Virus d. Worm
a. Buffer overflow
As a security tester, what should you do before installing hacking software on your computer? a. Check with local law enforcement agencies. b. Contact your hardware vendor. c. Contact the software vendor. d. Contact your ISP.
a. Check with local law enforcement agencies.
Which federal law prohibits unauthorized access of classified information? a. Computer Fraud and Abuse Act, Title 18 b. Electronic Communication Privacy Act c. Stored Wire and Electronic Communications and Transactional Records Act d. Fifth Amendment
a. Computer Fraud and Abuse Act, Title 18
How can you find out which computer crime laws are applicable in your state? a. Contact your local law enforcement agencies. b. Contact your ISP provider. c. Contact your local computer store vendor. d. Call 911.
a. Contact your local law enforcement agencies.
What is the main purpose of malware? a. Doing harm to a computer system b. Learning passwords c. Discovering open ports d. Identifying an operating system
a. Doing harm to a computer system
What's the hexadecimal equivalent of the binary number 1111 1111? a. FF b. 255 c. EE d. DD
a. FF
